Response to Amendment

1. This office action is responsive to the amendment filed on February 17th 2009.
Claims 1-19, 21-22, and 24-45 are presented for the further examination. 

Response to Arguments 

2. Applicant's arguments with respect to claims 1-19, 21-22, and 24-45 have been 
considered but are moot in view of the new ground(s) of rejection. 

Claim Objections 

3. Claims 1-45 are objected to because of the following informalities: Claims 1-45
recite "receiving at the first processor, packet; reading, at the first processor, an
N-tuple address of the first processor". It is unclear whether "the first processor" is a
hardware processor such as a CPU or a software processor such as a "processor module", as
the specification discloses "data processor" and "client processor". For the purpose of
examination and by giving the broadest reasonable interpretation to the claimed subject
matter, "the processor" is treated as a software processor as there is enough
evidence that such a "processor" could be implemented as software.

Claim Rejections - 35 USC § 101 

4. 35 U.S.C. 101 reads as follows: 



Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

5. Claims 27-29 are rejected under 35 U.S.C. 101 because the claimed invention is
directed to non-statutory subject matter.

Claims 27-29 now recite "a system for addressing packets in a firewall
cluster..." and "a firewall cluster within a single network..." and are directed towards a
software means. As evidenced by claims 38-45 and supported by paragraph 053
of the current application specification, applicant intends to use
software such as computer programs, machine instructions, and high level codes
that can be executed by the compiler. As per the claim objection stated above,
however, such programs, instructions, and codes are not part of the hardware
machine, processor, or compiler. Therefore, the claims are directed towards
non-statutory subject matter.

The claims lack the necessary physical articles or objects to constitute a 
machine or a manufacture within the meaning of 35 USC 101. They are clearly 
not a series of steps or acts to be a process nor are they a combination of 
chemical compounds to be a composition of matter. As such, they fail to fall 
within a statutory category. They are, at best, functional descriptive material per 
se. 

Descriptive material can be characterized as either "functional descriptive 
material" or "nonfunctional descriptive material." Both types of "descriptive 
material" are nonstatutory when claimed as descriptive material per se, 33 F.3d 
at 1360, 31 USPQ2d at 1759. When functional descriptive material is recorded 
on some computer-readable medium, it becomes structurally and functionally 
interrelated to the medium and will be statutory in most cases since use of
technology permits the function of the descriptive material to be realized. 
Compare In re Lowry, 32 F.3d 1579, 1583-84, 32 USPQ2d 1031, 1035 (Fed. Cir. 
1994) 

Merely claiming nonfunctional descriptive material, i.e., abstract ideas,
stored on a computer-readable medium, in a computer, or on an electromagnetic 
carrier signal, does not make it statutory. See Diehr, 450 U.S. at 185-86, 209 
USPQ at 8 (noting that the claims for an algorithm in Benson were unpatentable 
as abstract ideas because "[t]he sole practical application of the algorithm was in 
connection with the programming of a general purpose computer."). 

Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

7. Claims 1-14, 17-19, 21-22, 27-28, 30-35, 38-42 and 45 are rejected under 35 
U.S.C. 103(a) as being unpatentable over Partridge et al US Patent Number 6,160,811 
(hereinafter Partridge), Mikkonen US Patent Number 6,885,633 B1 (hereinafter 
Mikkonen) and further in view of Bommareddy et al US Patent Number 6,880,089 
(hereinafter Bommareddy). 

As per claim 1, Partridge discloses receiving, at a first processor, a first
packet (column 2, lines 11-17); determining as a function of a multidimensional 
space for representing addresses [data link format for header, column 2, lines 
25-26] processed by a set of data processors, a first address for the first packet 
(see Figure 1, column 3, line 65 - column 4, line 11); and forwarding the first 
packet based on the determined first address (see Figure 1, column 3, line 65 - 
column 4, line 11). 

However, Partridge is silent about selecting one of the firewall nodes for 
processing a first packet wherein a first processor is associated with the selected 
firewall node and having a firewall cluster within the single network. 

Mikkonen teaches selecting one of the firewall nodes for processing a first 
packet wherein a first processor is associated with the selected firewall node 
(See figure 1, blocks 100a - 100b, see column 2, line 65 - column 3, line 40).

Bommareddy teaches a firewall cluster within the single network (see 
figures 1, 4, and 8, column 1, line 66 - column 2, line 60, column 3, line 1 - 
column 4, line 58, column 6, line 13 - column 8, line 45, column 9, line 5 - 
column 10, line 67) and processing the set of data packet from first packet from 
first address to second address wherein the second address being within a range 
of addresses assigned by firewall cluster (see figures 1, 4, and 8, column 1, line
66 - column 2, line 60, column 3, line 1 - column 4, line 58, column 6, line 13 -
column 8, line 45, column 9, line 5 - column 10, line 67, column 11, lines 9-65,
column 15, line 40 - column 18, line 36).



Application/Control Number: 10/712,396 Page 6 

Art Unit: 2451 

Therefore, it would have been obvious to one having ordinary skill in the
art at the time the invention was made to combine the teachings of Partridge,
Mikkonen and Bommareddy to provide an enhanced packet switched data
handling system to a high speed network device securely switching data between
the high speed network devices communicating behind the firewall clustering
system using an enhanced hash function and arithmetic operations whereas the
firewall cluster system being configured to operate in manner that creates or
configures a firewall cluster on both internal and external network flow controllers
to monitor the health of firewalls by probing firewall data packets through both
internal and external firewalls whereas the flow controllers distribute traffic based
on the source and destination IP addresses of a packet and ensuring that all IP- 
based protocols are supported and within the range of IP based protocols. 

As per claim 2, Partridge discloses using an N-tuple space as the 
multidimensional space (see figures 1-2 and 4-5, data link format for header). 

As per claim 3, Partridge discloses assigning to the first processor a first 
region based on the N-tuple space (see figures 1-2 and 4-5, data link format for 
header). 

As per claim 4, Partridge discloses using the first address, such that the 
first address represents a point within the first region (see Figures 1-2 and 4-5, 
column 3, line 65 - column 4, line 32). 

As per claim 5, Partridge discloses using N address values as the N-tuple,
such that the N address values represent the point (see Figures 1-2 and 4-5, 
column 3, line 65 - column 4, line 32). 

As per claim 6, Partridge discloses using the N-tuple space, such that N is 
equal to a value of at least two (see Figures 1-2 and 4-5, column 3, line 65 - 
column 4, line 32). 

As per claim 7, Partridge discloses assigning to a second processor a 
second region based on the N-tuple space, such that the first region is separate 
from the second region (see figures 1-2 and 4-5, data link format for header). 

As per claim 8, Partridge discloses forwarding, at the second processor, a 
second packet with a second address determined based on the second region, 
such that the second packet does not conflict with the first packet (see Figure 1,
column 3, line 65 - column 4, line 11 and column 4, lines 22-32).

As per claim 9, Partridge discloses forwarding, at the second processor, a 
second packet with a second address determined based on the second region, 
such that the second address does not conflict with the first address (see Figure
1, column 3, line 65 - column 4, line 11 and column 4, lines 22-32).

As per claim 10, Partridge discloses receiving, at a first one of the 
processors, a packet (column 2, lines 11-17); reading, at the first processor, an 
N-tuple [data link format for header] address of the received packet (see Figure 
1, column 3, line 65 - column 4, line 11); determining whether the N-tuple address
is within an N-tuple space assigned to the first processor (see Figure 1, column
3, line 65 - column 4, line 32); sending the packet with the N-tuple address, when it
is determined that the N-tuple address is within the N-tuple space assigned to
the first processor (see Figure 1, column 3, line 65 - column 4, line 32); and
determining a modified [TSU modifies the header] N-tuple address, when it is
determined that the N-tuple address is not within the N-tuple space assigned to
the first processor and sending the packet with the modified N-tuple address (see
Figure 1, column 3, line 65 - column 4, line 32).

However, Partridge is silent about selecting one of the firewall nodes for processing
a first packet wherein a first processor is associated with the selected firewall 
node and having a firewall cluster within the single network. 

Mikkonen teaches selecting one of the firewall nodes for processing a first 
packet wherein a first processor is associated with the selected firewall node 
(See figure 1, blocks 100a - 100b, see column 2, line 65 - column 3, line 40).

Bommareddy teaches a firewall cluster within the single network (see 
figures 1, 4, and 8, column 1, line 66 - column 2, line 60, column 3, line 1 - 
column 4, line 58, column 6, line 13 - column 8, line 45, column 9, line 5 - 
column 10, line 67) and processing the set of data packet from first packet from 
first address to second address wherein the second address being within a range 
of addresses assigned by firewall cluster (see figures 1, 4, and 8, column 1, line
66 - column 2, line 60, column 3, line 1 - column 4, line 58, column 6, line 13 -
column 8, line 45, column 9, line 5 - column 10, line 67, column 11, lines 9-65,
column 15, line 40 - column 18, line 36).

Therefore, it would have been obvious to one having ordinary skill in the
art at the time the invention was made to combine the teachings of Partridge,
Mikkonen and Bommareddy to provide an enhanced packet switched data
handling system to a high speed network device securely switching data between
the high speed network devices communicating behind the firewall clustering
system using an enhanced hash function and arithmetic operations whereas the
firewall cluster system being configured to operate in manner that creates or
configures a firewall cluster on both internal and external network flow controllers
to monitor the health of firewalls by probing firewall data packets through both
internal and external firewalls whereas the flow controllers distribute traffic based
on the source and destination IP addresses of a packet and ensuring that all IP- 
based protocols are supported and within the range of IP based protocols. 

As per claim 11, Partridge discloses reading as the N-tuple address 
[reading headers of network packet address], a plurality of values from the 
received packet (see Figure 1, column 3, line 65 - column 4, line 32).

As per claim 12, Partridge discloses reading at least a source port (column 
1, lines 18-19, column 2, and lines 11-13). 

As per claim 13, Partridge discloses determining whether the N-tuple 
address is within the N-tuple space based on a comparison between the N-tuple
address of the packet and the N-tuple space assigned to the first processor (see
Figures 1-2, column 3, line 65 - column 4, line 32, column 4, line 56 - column 5,
line 43). 

As per claim 14, Partridge discloses determining whether the N-tuple
address of the packet is within the N-tuple space based on a quadrant identifier [link
level id] value, wherein the quadrant identifier value corresponds to the first
processor (see Figures 1-5, column 3, line 65 - column 4, line 32, column 4, line
56 - column 5, line 43).

As per claim 17, Partridge discloses adding a value to the N-tuple 
address, such that the modified N-tuple address is within the N-tuple space 
assigned to the first processor (see Figures 1-2, column 3, line 65 - column 4, line
32, column 4, line 56 - column 5, line 43). 

As per claim 18, Partridge discloses modifying the N-tuple address based 
on the quadrant identifier value (see Figures 1-2, column 3, line 65 - column
4, line 32, column 4, line 56 - column 5, line 43). 

As per claim 19, Partridge discloses sending the packet with the N-tuple 
address, such that the packet does not conflict with another N-tuple address 
associated with a second one of the processors (see Figure 1, column 3, line 65 -
column 4, line 11 and column 4, lines 22-32).

As per claim 21, Partridge discloses using a computer as the first 
processor (column 1, lines 8-10, column 3, and line 65). 

As per claim 22, Partridge discloses using a router as the first processor 
(column 1, line 11, column 3, and line 65). 

As per claims 27, 30, and 45, claims 27, 30 and 45 do not teach or further
define over the limitation as recited in claim 1. Therefore, claims 27, 30 and 45
are rejected under same scopes as discussed in claim 1, supra.

As per claim 28, claim 28 does not teach or further define over the 
limitation as recited in claim 10. Therefore, claim 28 is rejected under same
scopes as discussed in claim 10, supra. 

As per claims 31-35 and 38-42, claims 31-35 and 38-42 do not teach or 
further define over the limitations as recited in claims 10-14. Therefore, claims 
31-35 and 38-42 are rejected under same scopes as discussed in claims 10-14, 
supra. 

8. Claims 15-16, 25-26, 29, 36-37, and 43-44 are rejected under 35 U.S.C. 103(a) 
as being unpatentable over Partridge, Mikkonen, and Bommareddy as applied to 
claims 1-14, 17-19, 21-22, 27-28, 30-35, 38-42 and 45 above and further in view of End 
III US Patent Number 7,185,041 B1 (hereinafter End). 

Partridge, Mikkonen, and Bommareddy disclose receiving, at a first
processor, a first packet; determining as a function of a multidimensional space 
for representing addresses processed by a set of data processors, a first address 
for the first packet; and forwarding the first packet based on the determined first 
address. 

Partridge, Mikkonen, and Bommareddy are silent about determining the 
identifier value based on a hash function and a modulo division. 

As per claims 15, 36, and 43, End teaches determining the identifier value
based on a hash function (see column 4, lines 17-62). 

As per claim 16, End teaches determining the identifier value based on a 
hash function and a modulo division (see column 4, lines 17-62). 

Therefore, it would have been obvious to one having ordinary skill in the 
art at the time the invention was made to combine the teachings of Partridge, 
Mikkonen, Bommareddy and End to provide an enhanced packet switched data
handling system to a high speed network device securely switching data between
the high speed network devices communicating behind the firewall clustering
system using an enhanced hash function and arithmetic operations whereas the
firewall cluster system being configured to operate in manner that creates or 
configures a firewall cluster on both internal and external network flow controllers 
to monitor the health of firewalls by probing firewall data packets through both 
internal and external firewalls whereas the flow controllers distribute traffic based 
on the source and destination IP addresses of a packet and ensuring that all IP- 
based protocols are supported and within the range of IP based protocols. 

As per claim 24, Partridge discloses receiving, at a first one of the 
processors, a packet (column 2, lines 11-17); reading, at the first processor, an N-
tuple [data link format for header] address of the received packet (see Figure 1,
column 3, line 65 - column 4, line 11); determining whether the read N-tuple
address corresponds to the first processor based on the quadrant identifier (see
Figure 1, column 3, line 65 - column 4, line 32); sending the packet with the N-
tuple address, when the quadrant identifier corresponds to the first processor
(see Figure 1, column 3, line 65 - column 4, line 32); and determining a modified
[TSU modifies the header] N-tuple address, when the quadrant identifier does not
correspond to the first processor and sending the packet with the modified N-
tuple address (see Figure 1, column 3, line 65 - column 4, line 32).

However Partridge is silent about the quadrant identifier based on a hash 
function, and modulo division. 

End teaches the quadrant identifier based on a hash function, and modulo 
division (see column 4, lines 18-62). 

Therefore, it would have been obvious to one having ordinary skill in the 
art at the time the invention was made to combine the teachings of Partridge, 
Mikkonen, Bommareddy and End to provide an enhanced packet switched data
handling system to a high speed network device securely switching data between
the high speed network devices communicating behind the firewall clustering
system using an enhanced hash function and arithmetic operations whereas the
firewall cluster system being configured to operate in manner that creates or 
configures a firewall cluster on both internal and external network flow controllers 
to monitor the health of firewalls by probing firewall data packets through both 
internal and external firewalls whereas the flow controllers distribute traffic based 
on the source and destination IP addresses of a packet and ensuring that all IP- 
based protocols are supported and within the range of IP based protocols. 

As per claims 25-26, Partridge is silent about the use of firewalls as the first
processor. 

As per claim 25, Mikkonen teaches assigning each of the set of 
processors a firewall node number (See figure 1, blocks 100a - 100b, see column
2, line 65 - column 3, line 40). 

As per claim 26, Mikkonen teaches determining the address corresponds 
to the first processor based on firewall node number (See figure 1, blocks 100a - 
100b, see column 2, line 65 - column 3, line 40).

Therefore, it would have been obvious to one having ordinary skill in the 
art at the time the invention was made to combine the teachings of Partridge, 
Mikkonen, Bommareddy and End to provide an enhanced packet switched data
handling system to a high speed network device securely switching data between
the high speed network devices communicating behind the firewall clustering
system using an enhanced hash function and arithmetic operations whereas the
firewall cluster system being configured to operate in manner that creates or 
configures a firewall cluster on both internal and external network flow controllers 
to monitor the health of firewalls by probing firewall data packets through both 
internal and external firewalls whereas the flow controllers distribute traffic based 
on the source and destination IP addresses of a packet and ensuring that all IP- 
based protocols are supported and within the range of IP based protocols.

As per claims 29, 37, and 44, claims 29, 37 and 44 do not teach or further
define over the limitation as recited in claim 24. Therefore, claims 29, 37 and 44
are rejected under same scopes as discussed in claim 24, supra. 

Conclusion 

9. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

a. System and method for detecting and countering a network attack by 
Etheridge et al. US Publication Number 2004/0054925 A1.

b. Hash-based systems and methods for detecting, preventing, and tracing 
network worms and viruses by Milliken US Publication Number 2003/0115485
A1.

c. Dynamic packet filter utilizing session tracking by Goldberg et al. US 
Publication Number 2004/0013112 A1.

d. IP datagram over multiple queue pairs by Graham et al. US Patent 
Number 7,133,405 B2. 

e. Handling packet fragments in a distributed network service environment
by Albert et al. US Patent Number 6,742,045 B1.

10. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Contact Information 

11. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Saket K. Daftuar whose telephone number is 571-272- 
8363. The examiner can normally be reached on 8:30am-5:00pm M-W. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, John Follansbee can be reached on 571-272-3964. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/S. K. D./

Examiner, Art Unit 2451 
/John Follansbee/ 

Supervisory Patent Examiner, Art Unit 2451 



